private void throwSecurityViolationIfNotAllowed(final IObject i) {
final String type = i.getClass().getName();
final Details d = i.getDetails();
final long user = d.getOwner().getId();
final long group = d.getGroup().getId();
final EventContext ec = getSecuritySystem().getEventContext();
final boolean root = ec.isCurrentUserAdmin();
final List<Long> leaderof = ec.getLeaderOfGroupsList();
final boolean pi = leaderof.contains(group);
final boolean own = ec.getCurrentUserId().equals(user);
if (!own && !root && !pi) {
if (log.isWarnEnabled()) {
log.warn(
String.format(
"User %d attempted to delete " + type + " %d belonging to User %d",
ec.getCurrentUserId(),
i.getId(),
user));
}
throw new SecurityViolation(
String.format("User %s cannot delete %s %d ", ec.getCurrentUserName(), type, i.getId()));
}
}
public boolean isOwnerOrSupervisor(IObject object) {
if (object == null) {
throw new ApiUsageException("Object can't be null");
}
final Long o = HibernateUtils.nullSafeOwnerId(object);
final Long g = HibernateUtils.nullSafeGroupId(object);
final EventContext ec = getCurrentEventContext();
final boolean isAdmin = ec.isCurrentUserAdmin();
final boolean isPI = ec.getLeaderOfGroupsList().contains(g);
final boolean isOwner = ec.getCurrentUserId().equals(o);
if (isAdmin || isPI || isOwner) {
return true;
}
return false;
}
/**
* @see SecuritySystem#isGraphCritical()
* @return
*/
public boolean isGraphCritical() {
EventContext ec = getCurrentEventContext();
long gid = ec.getCurrentGroupId();
Permissions perms = ec.getCurrentGroupPermissions();
boolean admin = ec.isCurrentUserAdmin();
boolean pi = ec.getLeaderOfGroupsList().contains(gid);
if (perms.isGranted(Role.WORLD, Right.READ)) {
// Public groups (rwrwrw) are always non-critical
return false;
} else if (perms.isGranted(Role.GROUP, Right.READ)) {
// Since the object will be contained in the group,
// then it will be readable regardless.
return false;
} else {
// This is a private group. Any form of admin modification is
// critical.
return admin || pi;
}
}
